On Fri, 17 Jun 2005 09:02:05 +0200, martin f krafft writes: >also sprach Alexander Zangerl <az@bond.edu.au> [2005.06.17.0835 +0200]: >> no - with cbd, dud blocks effect only decryption of the block itself >> and the one directly following it. > >... and that one affects the one directly following it, and that one >affects the one directly following it. no, this is subtly wrong. the *encrypted* block affects the decryption of the block following it, not the cleartext block. one dead block spills junk all over the block+1 when decrypted, but the (undamaged) encrypted block+1 is used to decrypt block+2 and so on. >So if you have a corruption >in the first block, your data are gone. If you have a corruption in >the last block, the loss is minimal. no, see above. details (with a nice diagram) can be found on page 220 of the handbook of applied crypto. the official pdfs are here: <URL:http://www.cacr.math.uwaterloo.ca/hac/about/chap7.pdf> regards az -- + Alexander Zangerl az@bond.edu.au DSA 0xF860ACF1 + + Bond University IT School phone +61 7 5595 3398 +
Attachment:
pgpe6j7Diip8L.pgp
Description: PGP signature